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CLAIMS 

1. A device for Multimedia authentication of a user (UE) 
accessing a Multimedia domain (IMS) through an access 
network (UMTS; WLAN; GPRS; CDMA 2000), the device for use 

5 in, or in co-operation with, a subscriber server (HSS; 

AAA) of the access network holding authentication data 
for the user and accessible to the Multimedia domain 
(IMS) , the device characterised by comprising: 

— means for deciding that an implicit authentication 
10 between the user (UE) and the Multimedia domain (IMS) 

can take place, . thus skipping the needs for an 
explicit authentication; and 

- means for instructing a serving entity (S-CSCF) in 
charge of authenticating . the user (UE) in the 

15 Multimedia domain (IMS) that implicit authentication 

can take place. 

2. The device of claim 1, wherein the means for deciding 
that an implicit authentication can take place includes 
means for determining the potential security of the 

20 signalling path to access the Multimedia domain through 

said access network. 

3. The device of claim 1, wherein the means for instructing 
the serving entity that an implicit authentication can 
take place include means for indicating (Implicit 

25 Authentication) that the final decision is on the user's 

side (UE) which might force an explicit authentication, 

4. The device of claim 1, wherein the means for instructing 
the serving entity that an implicit authentication can 
take place include means for indicating (Implicit 

30 Authentication by network) that this is a final decision 
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taken by the network and no explicit authentication can 
be carried out. 

5. The device of claim 1, further including means (Implicit 
Authentication; Implicit Authentication by the network) 

5 for notifying the user's equipment that an implicit 

authentication of the user for accessing the Multimedia 
domain can by carried out by the network. 

6. The device of claim 1, wherein the means for deciding 
that an implicit authentication between the user (UE) and 

10 the Multimedia domain (IMS), can take place includes means 

for receiving a proposal of implicit authentication (SSO 
proposal) originated from the .user/ s equipment (UE)...... 

7. The device of claim 3, further comprising means for 
receiving an indication (SSO enabled) originated from the 

15 user's equipment (UE) to confirm the acceptance of the 

implicit authentication proposed by the network. 

8. The device of claim 7, further comprising means for 
indicating (Implicit Authentication user-confirmed) to 
the serving entity (S-CSCF) in charge of authenticating 

20 the user in the Multimedia domain (IMS) that the user has 

confirmed the implicit authentication. 

9. The device of claim 8, further comprising means for 
providing additional authentication data to said serving 
entity (S-CSCF) , said additional authentication data 

25 including at least one element selected from a group of 

elements comprising: authentication type; access 
information; and authentication time stamp . 

10. A user's equipment (UE) enabled to get access to a 
Multimedia domain (IMS) through an access network (UMTS; 

30 WLAN; GPRS; CDMA 2000) , and arranged to carry out a first 

explicit Authentication procedure with the access network 
and a second explicit authentication procedure with the 
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Multimedia domain (IMS), the user's equipment (UE) 
characterised by having means for processing at least one 
notification selected from a group of notifications 
including: 

5 — a notification (Implicit Authentication; Implicit 

Authentication by the network) received ^rom the 
Multimedia domain (IMS) indicating that an ^implicit 
authentication for the user can be carried out by the 
network; and 

10 — a notification (SSO Proposal) proposed from the user's 

equipment (UE) towards the Multimedia domain (IMS) to 
carry out an implicit authentication between said 
user's equipment and Multimedia domain. 

11. The user's equipment (UE) of claim 10, wherein the means 
15 for processing a notification received from the 

Multimedia domain (IMS) includes means for receiving and 
processing an indication (Implicit Authentication) that 
the final decision is on the user's equipment (UE) which 
might force an explicit authentication. 

20 12. The user's equipment (UE) of claim 11, further comprising 
means for sending towards the Multimedia domain (IMS) an 
indication (SSO enabled) to confirm the acceptance of the 
implicit authentication proposed by the network. 

13. The user's equipment (UE) of claim 12, further comprising 
25 means for providing additional authentication data 

towards the Multimedia domain (IMS), said additional 
authentication data including at least one element 
selected from a group of elements comprising: 
authentication type; access information; and 

30 authentication timestamp. 



14. The user's equipment (UE) of claim 10, wherein the means 
for processing a notification received from the 
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Multimedia domain (IMS) includes means for receiving and 
processing an indication (Implicit Authentication by the 
network) that the implicit authentication is a final 
decision taken by the network and no explicit 
5 authentication can be carried out. 

15, A method for authenticating a user (UE) accessing a 
Multimedia domain (IMS) through an access network (UMTS; 
WLAN; GPRS; CDMA 2000), the method comprising: 

— a step of authenticating the user in the access 
10 network (UMTS; WLAN; GPRS; CDMA 2000) where the user 

accesses through, the access network having a 
subscriber server (HSS; AAA) with authentication data 
for the user and accessible to the Multimedia domain 
(IMS) ; and 

15 - a step of registering the user (UE) into the 

Multimedia domain (IMS) ; 

the method characterized by comprising: 

— a step of deciding that an implicit authentication 
between the user (UE) and the Multimedia domain (IMS) 

20 can take place, thus skipping the needs for an 

explicit authentication; and 

— a step of instructing a serving entity (S-CSCF) in 
charge of authenticating the user (UE) in the 
Multimedia domain (IMS) that • implicit authentication 

25 can take place. 

16. The method of claim 15, further comprising a step of 
notifying from the Multimedia domain (IMS) (Implicit 
Authentication; Implicit Authentication by network) to 
the user's equipment (UE) that implicit authentication of 

30 the user for accessing the Multimedia domain can by 

carried out. 
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17. The method of claim 15, wherein the step of deciding that 
an implicit authentication can take place includes a step 
of determining the potential security of the signalling 
path to access the Multimedia domain through said access 

5 network . 

18. The method of claim 15, wherein the step of deciding that 
an implicit authentication can take place includes a step 
of proposing from the user's equipment (UE) towards the 
Multimedia domain (IMS) an implicit authentication to be 

10 carried out between said user's equipment and Multimedia 

domain . 

19. The method of claim 15, wherein the step of instructing 
the serving entity that an implicit authentication can 
take place include a step of indicating (Implicit 

15 . Authentication by the network) that this is a final 

decision taken by the network and no explicit 
authentication can be carried out . 

20. The method of claim 15, wherein the step of instructing 
the serving entity that an implicit authentication can 

20 take place includes a step of indicating (Implicit 

Authentication) that the final decision is on the user's 
equipment which might force an explicit authentication. 

21. The method of claim 20, further comprising a step of 
confirming (SSO enabled) from the user's equipment (UE) 

25 acceptance of an implicit authentication proposed by the 

network . 

22. The method of. claim 21, further comprising a step of 
indicating (Implicit Authentication user-confirmed) to 
the serving entity (S-CSCF) in charge of authenticating 

30 the user (UE) in the Multimedia domain (IMS) that the 

user has confirmed the implicit authentication. 
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23. A serving entity (S-CSCF) in charge of authenticating a 
user (UE) in the Multimedia domain (IMS) when the user 
accesses thereto through an access network (UMTS; WLAN; 
GPRS; CDMA 2000) where said user had been previously 
5 authenticated, the serving entity (S-CSCF) characterized 

by comprising: 



- means for receiving and processing instructions 
(Implicit Authentication; Implicit Authentication by 
the network) originated from the device of claim 1 
10 indicating that an implicit authentication can take 

place; and 

■== means for notifying (Implicit Authentication; Implicit 
Authentication by the network) to a user's equipment 
(UE) that an implicit authentication of the user for 
15 accessing the Multimedia domain (IMS) can by carried 

out by the network. 

24. The serving entity (S-CSCF) of claim 23, also comprising 
means for receiving an indication (SSO enabled) 
originated from the user's equipment (UE) of claim 12 to 
20 confirm acceptance of an implicit authentication proposed 

by the network. 

25- The serving entity (S-CSCF) of claim 23, further 
comprising means for receiving an indication (Implicit 
Authentication user-confirmed) originated from the device 
25 of claim 8 indicating that the user has confirmed the 

implicit authentication. 

26. The serving entity (S-CSCF) of claim 25, further 
comprising means for checking the matching of additional 
authentication data respectively received from the device 
30 of claim 9 and from the user's equipment of claim 13 in 

order to provide an extra security support. 
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27. The serving entity (S-CSCF) of claim 26, wherein said 
additional authentication data include at least one 
element selected from a group of elements comprising: 
authentication type; access inf ormation; and 

. 5 authentication timestamp. 

28. The serving entity (S-CSCF) of claim 23, wherein the 
means for notifying the user (UE) that an ^implicit 
authentication can by carried out by the network includes 
means for indicating (Implicit Authentication by the 

10 network) the user (UE) that the implicit authentication 

is a final decision taken by the network and no explicit 
authentication can be carried out. 

29. A Proxy entity (P-CSCF) intended to act as an entry point 
into the Multimedia domain (IMS) for users (UE) accessing 

15 thereto through an access (UMTS; WLAN; GPRS; CDMA 2000) 

network where the user had been previously authenticated, 
characterized by having means for processing at least one 
notification selected from a group of notifications 
including: 

20 - a notification (Implicit Authentication; Implicit 

authentication by the network) sent towards the user's 
equipment (UE) to indicate that an implicit 
authentication of the user for accessing the 
Multimedia domain (IMS) can by carried out by the 

25 network ; and 

— a notification (SSO Proposal) received from the user's 
equipment (UE) to propose an implicit authentication 
towards the Multimedia domain (IMS) between said 
user's equipment and Multimedia domain. 

30 30. The Proxy entity (P-CSCF) of claim 29 further comprising 
means for receiving an indication (SSO enabled) from the 
user's equipment (UE) accepting the implicit 
authentication proposed by the network. 
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31. The Proxy entity (P-CSCF) of claim 29 further comprising 
means for indicating (Implicit Authentication by the 
network) to the user (UE) that the implicit 
authentication is a final decision taken by the network 

5 and no explicit authentication can be carried out. 

32. An interrogating entity (I-CSCF) querying a subscriber 
server (HSS; AAA- 3 GPP) in the Multimedia domain (IMS) 
about a user (UE) having accessed said Multimedia domain 
through an access network (WLAN; GPRS) , the interrogating 
entity having means for receiving a registration request 
from the user, and means for acknowledging such 
registration towards the user, and characterized by 

"" comprising means for transmitting an indication (Implicit 
Authentication; Implicit authentication by the network) 
towards the user (UE) that an implicit authentication of 
the user for accessing the Multimedia domain (IMS) can by 
carried out. 

33. The interrogating entity (I-CSCF) of claim 32. further 
comprising: 

- means for receiving an indication (SSO enabled; SSO 
proposal) originated from the user's equipment (UE) to 
enable an implicit authentication; and 

- means for transmitting such indication from the user's 
equipment towards at least one entity selected from a 

25 group of entities comprising the device of claim 1 and 

the serving entity (S-CSCF) of claim 23. 

34. The interrogating entity (I-CSCF) of claim 32 further 
comprising means for transmitting towards the user (UE) 
an indication (Implicit Authentication by the network) 

30 that the implicit authentication is a final decision 

taken by the network and no explicit authentication can 
be carried out. 



20 



